ThreadFix 1.1 Release Candidate Now Available

We’ve been hard at work on ThreadFix since the 1.0 release in October and we’re just about ready to push out an updated 1.1 release. This week we’ve made a 1.1 release candidate available for folks to take a look at and review. You can get it from the ThreadFix downloads site.

What’s new in 1.1? Lots of stuff including:

  • Support for NTObjectives NTO Spider scans (#162)
  • Support for Microsoft Team Foundation Server (TFS) bug trackers (#117)
  • Adding user comments for vulnerabilities (#55)
  • Editing of manually-entered vulnerabilities (#160)
  • “Filter by CWE” for vulnerabilities (#163)
  • Updated security model to allow for fine-grained user permissions (#56) (this has been a huge priority for the larger enterprises deploying ThreadFix)
  • Updated Snort rule generation (#113)
  • Updated license from MPL 1.1 to MPL 2.0 (#181)
  • Various updates, bug fixes and enhancements (#159, #168, #176, #196)

You can see the full list of features and defects addressed during the 1.1 development cycle in the issue tracker. We’ve posted information on the ThreadFix wiki about how to upgrade your ThreadFix 1.0.1 install to 1.1 and would love to hear any feedback from people going through that process. So take a look, and please post any thoughts or bugs on the ThreadFix issue tracker, or join the ThreadFix Google Group and let us know there.

Contact us for help managing your software security program with ThreadFix.


dan _at_


About John Dickson

John Dickson is an internationally recognized security leader, entrepreneur and Principal at Denim Group, Ltd, the parent company of ThreadFix. He has more than 20 years' hands-on experience in intrusion detection, network security and application security in the commercial, public and military sectors. As a Denim Group Principal, he helps executives and Chief Security Officers (CSOs) of Fortune 500 companies, including major financial institutions, launch and expand their critical application security initiatives.